The curriculum of business schools are filled with case studies of companies that took short cuts to become competitive and accomplished the exact opposite. For the information security world, there is a similar “penny-wise, pound-foolish” behavior in the notorious “Checkbox Assessment.” These are security or compliance assessments that have little basis in reality and are […]
A powerful new GUI for Nmap – WinMap
“The needs of the many outweigh the needs of the few, or the one.” This was Spock’s pragmatic wisdom from Star Trek II: The Wrath of Khan, which was a inspirational movie for me when I was 12. Now 30 years later, it is still a good quote for security leaders to ponder.
All good things must come to an end. In the late 90’s I was fortunate to be involved with the development of one of the first intrusion prevention systems (BlackICE). It was a defining job for me since I learned so much working with the NetworkICE people, notably Robert Graham, Clinton Lum, and the late […]
What is the difference between Unified Threat Management (UTM) and Next Generation Firewalls (NGFW)? Anitian explored these two technologies and finds they are much more similar than some people want you to believe.
While Black Hat has been notably quieter and less frothy this year, this article (published in 2010) still rings true. Hype damages the ability of people to make sound, rational, risk-based analysis of security issues.
A zillion or so years ago, humans developed writing. This was a big deal for civilization. People could document things like how to get rid of lice, defend castles from Huns and which berries are toxic. Civilization would have quickly succumbed to lice, toxic berries and Huns were it not for the foresight of learned […]
In the ten years Anitian has been working incident response and digital forensic cases, our analysts have observed many ingenious ways to break into systems and applications. However, they rarely encounter an ingenious root cause for the vulnerabilities. After all the analysis and disk imaging is complete, the root cause is almost always the same: […]
I find your lack of a scope of compliance disturbing.
What is it about Palo Alto Networks? They seem more like a cult than a firewall manufacturer.